
posted by janrinok on Wednesday September 30 2015, @06:41AM
from the linux-has-hit-the-big-time dept.

Security researchers have uncovered a network of infected Linux computers that's flooding gaming and education sites with as much as 150 gigabits per second of malicious traffic—enough in some cases to take the targets completely offline.

The XOR DDoS or Xor.DDoS botnet, as the distributed denial-of-service network has been dubbed, targets as many as 20 sites each day, according to an advisory published Tuesday by content delivery network Akamai Technologies. About 90 percent of the targets are located in Asia. In some cases, the IP address of the participating bot is spoofed in a way that makes the compromised machines appear to be part of the network being targeted. That technique can make it harder for defenders to stop the attack.

"In short: Xor.DDoS is a multi-platform, polymorphic malware for Linux OS, and its ultimate goal is to DDoS other machines," a separate writeup on the botnet explained. "The name Xor.DDoS stems from the heavy usage of XOR encryption in both malware and network communication to the C&Cs (command and control servers)."

XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers. Once the attackers have logged in, they use root privileges to run a script that downloads and executes a malicious binary file. There's no evidence XOR DDoS infects computers by exploiting vulnerabilities in the Linux operating system itself. Akamai's advisory has intrusion-prevention-system signatures for detecting infections and instructions for removing the malware.
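The entry vector described above, password guessing against the shell followed by a root login, is what a check over the SSH daemon's auth log should catch. As an added example that is not from the article or from Akamai's advisory, the Python below flags a password login that succeeds right after a burst of failures from the same source address; the log lines are constructed and the failure threshold and time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd lines in classic syslog format (not real logs).
SAMPLE_LOG = """\
Sep 30 06:40:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Sep 30 06:40:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 50124 ssh2
Sep 30 06:40:05 host sshd[1205]: Failed password for root from 203.0.113.7 port 50126 ssh2
Sep 30 06:40:07 host sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 50128 ssh2
Sep 30 06:40:09 host sshd[1209]: Accepted password for root from 203.0.113.7 port 50130 ssh2
Sep 30 06:41:30 host sshd[1220]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Sep 30 06:45:00 host sshd[1230]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2015):
    """Return (timestamp, result, method, user, ip) or None for non-auth lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog lines carry no year; the caller supplies it (assumed 2015 here)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["method"], m["user"], m["ip"]


def find_brute_force_logins(log_text, max_failures=3, window_s=60):
    """Return (ip, user, time) for each password login that succeeds after at
    least max_failures failed attempts from the same IP within window_s seconds.
    Thresholds are assumptions; tune them to the host's normal traffic."""
    failures = defaultdict(list)  # ip -> timestamps of recent failed attempts
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, method, user, ip = rec
        # keep only failures still inside the sliding window
        recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_s]
        failures[ip] = recent
        if result == "Failed":
            failures[ip].append(ts)
        elif method == "password" and len(recent) >= max_failures:
            hits.append((ip, user, ts.strftime("%H:%M:%S")))
    return hits
```

A key-based login from an address with a stale failure outside the window, like the second address in the sample, is deliberately not flagged.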

"Over the past year, the XOR DDoS botnet has grown and is now capable of being used to launch huge DDoS attacks," Stuart Scholly, senior vice president and general manager of Akamai's Security Business Unit, said in a statement. "XOR DDoS is an example of attackers switching focus and building botnets using compromised Linux systems to launch DDoS attacks. This happens much more frequently now than in the past, when Windows machines were the primary targets for DDoS malware."


Original Submission

  • (Score: 1, Touché) by Anonymous Coward on Wednesday September 30 2015, @06:48AM (#243409)

    Like MS-DOS.

    Secure by Default. Zero remote holes in the default install.

    More secure than OpenBSD by their own silly measurement.

    ;)
  • (Score: 2) by Hyperturtle (2824) on Wednesday September 30 2015, @06:09PM (#243624)

    You can install Windows 10 from an ISO image as I did, with no NIC.

    It's... secure, sure, but it is not nearly as useful as DOS was, because the later versions of DOS at least had some help menus for many of the programs included relating to the management of DOS that were actually stored locally on disk. Not so with Windows 10.

    It also did not try to sell you things directly, aside perhaps from including the most basic defrag or memory management programs after complaints that these were needed, but they couldn't compete directly with people that sold products that did those things well, etc.

    Most of that mindset is long gone.

    At least with DOS, the PC often came with a means of loading in software in a fashion not considered to be a hacker activity, as "side-loading" applications is often viewed as today.